Update request Critical Security Vulnerabilities in FreeRTOS v10.3.1 (CVE-2021-32020, CVE-2021-31572.) #98
Description
Caution
The Issues are strictly limited for the reporting of problems encountered with the software provided in this project.
For any other problem related to the STM32 product, the performance, the hardware characteristics and boards, the tools, or the environment in general, please post a topic in the ST Community/STM32 MCUs forum.
Describe the set-up
-
Board: Custom board using the STM32L476.
-
IDE/Compiler: STM32CubeIDE version 1.17.0 with STM32Cube MCU Package for STM32L4 Series 1.18.1.
Describe the bug
The STM32Cube MCU Package for STM32L4 Series 1.18.1 uses FreeRTOS v10.3.1, which is affected by the following critical security vulnerabilities:
-
CVE-2021-32020: Insufficient bounds checking during management of heap memory.
-
CVE-2021-31572: Integer overflow in
stream_buffer.cfor a stream buffer. -
CVE-2021-31571: Integer overflow in
queue.cfor queue creation. -
CVE-2021-43997: Lack of prevention for non-kernel code from calling
xPortRaisePrivilegeto raise privilege.
These vulnerabilities pose significant risks, including unauthorized access, application instability, and denial of service.
How To Reproduce
-
Global Behavior: The project demonstrates standard FreeRTOS-based multitasking behavior on STM32 boards.
-
Suspected Modules: FreeRTOS kernel,
stream_buffer,queue,xPortRaisePrivilegemanagement, and memory handling. -
Use Case: Applications involving tasks with high-priority interrupts or extensive memory operations may trigger these vulnerabilities.
-
Reproduction Steps:
- Set up a project using FreeRTOS v10.3.1 on STM32CubeIDE v1.17.0 with the STM32Cube MCU Package for STM32L4 Series 1.18.1.
Additional context
Looking at the STM32 Github repo stm32-mw-freertos repository FreeRTOS v10.6.2 is already available. This version includes fixes for the mentioned vulnerabilities. I am happy to assist with testing or integration if needed.
Screenshots
Not applicable for this issue.